Search This Blog

Jolt Attack:Denial of service

The attacker sends the same IP packets (illegally fragmented ICMP ECHOs or illegally fragmented UDP packets) to the attacked machine. "the affected systems contain a flaw in the code that performs IP fragment re-assembly. If a continuous stream of fragmented IP datagrams with a particular malformation were sent to an affected machine, it could be made to devote most or all of its CPU ability to processing them. The data rate needed to completely deny service varies depending on the machine and network conditions, but in most cases even relatively moderate rate would suffice."

To show fragmentation in practice I choose traces underneath. The first example indicates not fragmented ICMP packet and the second example Indicates fragmented ICMP packets. Examples one and two are not showing the hole packets, but just part of them.

Now we will use targa to launch jolt attack and analyse it with the help of tcpdump.

We have used option 2 to launch jolt attack from targa DOS tool.Now lets go to tcpdump and see what we have.

So we can see following things from above dump:1)it sends lots of fragmented packets.2)packets are highly fragment.3)they are out of order as you can see after offset 46736 we have offset 471204)fragmentation is not legal i.e if you add the data length of packet in offset you wont get the next offset.
example offset + length =next-offset
46736+(400-20)=47116 !=47120

Comments

Post a Comment

Popular posts from this blog

Steps
1:download the page.
2:open fc4.js in your favourite editor and add following lines in it or just replace it with vode given below.
3:then open the download html file in browser and fill the form with your email and a garbage value string.
4:thats it? it will show you the real security string??
yeah but ...theirs another challenge waiting for you ... :D

I recently started working on widows 10 Apps( Apps not Applications) security. Before diving deep in hacking terms lets try to understand what's new in Windows 10 UWP( Universal Platform) as compared to old Apps. Lets begin with how apps actually work on windows 10(desktop/tablet). Now windows 10 comes with a container only for running apps inside the isolated environment. By default, /APPCONTAINER(Linker Flag) is off. This option modifies an executable to indicate whether the app must be run in the appcontainer process-isolation environment. Specify /APPCONTAINER for an app that must run in the appcontainer environment—for example, a Windows Store app. (The option is set automatically in Visual Studio when you create a Windows Store app from a template.) For a desktop app, specify /APPCONTAINER:NO or just omit the option. The /APPCONTAINER option was introduced in Windows 8.
Now there is no registry entry concept for these app in the System HIVE rather they install they own hiv…